The NSA Can Now Track Your Sex Toys

---

Holy cowbell, sex toy hacking is a thing! Did you all catch this splendid news item? Hackers in New Zealand have found a way to hack the Bluetooth technology on a popular “personal massager,” which has opened up a whole vibrating can of worms if you know what I mean. 

At last week’s DEF CON 24 in Las Vegas, one of the speaker modules was titled:

Breaking the Internet of Vibrating Things: What We Learned Reverse Engineering Bluetooth- and Internet-Enabled Adult Toys

Before we get to the article, the device and the implications, let’s chat for a second about DEF CON. Not being a hacker, I’d never heard of the conference before. It’s held yearly in late July/early August and it’s unlike any conference I’ve ever attended.

Get this: entry is cash only, no early bird pricing, NO registration. (I can’t even describe to you how much this would stress all my conference-going pals out.) And there are tens of thousands of hackers attending this event every year.

Just reading the conference information page was eye-opening. Hacker conferences are a THING, y’all.

When and where is DEF CON 24?
DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 24 will be held August 4-7, 2016 at Paris and Bally’s in Las Vegas. Many people arrive a day early, and many stay a day later. Again this year we will have some things running on Thursday.

---

How much is admission?
$240.00 USD, Cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash – no checks, no money orders, no travelers checks. We don’t want to be a target of any State or Federal fishing expeditions.

---

Can I pre-register for DEF CON?
No.

---

How many people will be there?
Last year we had more than 15,000 people at DEF CON! The last few years, attendence has been in the 12-14k range.

The article I read in the British newspaper, The Register, stated that “the two-person team of g0ldfisk and follower got hold of the schematics for the We Vibe 4 Plus, a U-shaped vibrator that can be controlled via Bluetooth using a remote control or a smartphone app. The wireless functions mean the device’s makers had to report its details with the United States the Federal Communications Commission, and that filing allowed the hackers to figure out a way to crack the device.”

I don’t know about you, but they lost me at “smartphone app.” I have no desire to have my lady bits (and their various and sundry activities) broadcast to the cloud. Anyone who saw Katherine Heigl in The Ugly Truth knows what happens when control of sex toys fall into the wrong hands.

And the order page for the cute We-Vibe devices says these hackable darlings cost $179 + shipping. That’s a whole lot more than the usual $15-50 range for most nookie toys. The good news is, they’re almost half off at Amazon. *lol*

The gal who sent me the article, said: “Anyone who hacks someone’s vibrator definitely has too much time on their hands.”

My response to that?

My friend, these are hackers. These are not people who are out socializing and frittering away their time with live people. They are busy poking around virtually at the rest of us – literally in this case.

Not that they don’t have a killer sense of humor – here’s the abstract for the talk.

Note: My comments in pink. Their choicest lines in blue.

The Internet of Things is filled with vulnerabilities, would you expect the Internet of Vibrating Things to be any different? As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover. [Dying over “teledildonics”…Dying!!!]

Do you care if someone else knows if you or your lover is wearing a remote control vibrator? Do you care if the manufacturer is tracking your activity, sexual health and to whom you give control? How do you really know who is making you squirm with pleasure? And what happens when your government decides your sex toy is an aid to political dissidents? 

[When “my sex toys become an aid for political dissidents??” If that happens, people, the end days are upon us. Just pack up your non-cloud-connected sex toys and go live off the grid.]

Because there’s nothing more sexy than reverse engineering we looked into one product (the We-Vibe 4 Plus from the innocuously named “Standard Innovation Corporation”) to get answers for you.

Attend our talk to learn the unexpected political and legal implications of internet connected sex toys and, perhaps more importantly, how you can explore and gain more control over the intimate devices in your life. Learn the reverse engineering approach we took–suitable for both first timers and the more experienced–to analyze a product that integrates a Bluetooth LE/Smart wireless hardware device, mobile app and server-side functionality. More parts means more attack surfaces! [No, Mr. NSA, pleeeaaaaazzzzze don’t attack my vibes.] 

Alongside the talk, we are releasing the “Weevil” suite of tools to enable you to simulate and control We-Vibe compatible vibrators. We invite you to bring your knowledge of mobile app exploits, wireless communication hijacking (you already hacked your electronic skateboard last year, right?) and back-end server vulnerabilities to the party. It’s time for you to get to play with your toys more privately and creatively than before.

[Did you notice there’s “IYKWIM’s” for almost every sentence in this abstract?]

So there you have it, my friends. Here at More Cowbell we’ve all discovered that the NSA really is storing data on everything.

Had you ever heard of this type of hacking? Knowing what you know, would you ever  buy the We Vibe 4 Plus? What’s the most unusual hacking story you’ve ever heard? Enquiring minds always want to know these things here at More Cowbell!

~ Jenny